General

  • Target

    d949ea4466b8a6048f1e1ba10f5720e5c03b6cf4b1e31a818900686f46e63e8e

  • Size

    1.0MB

  • Sample

    220525-cqrklsbgan

  • MD5

    3d7bbed806431547e76b7392436fee11

  • SHA1

    c86e1f65d24252dbdf70db763349933d456242c1

  • SHA256

    d949ea4466b8a6048f1e1ba10f5720e5c03b6cf4b1e31a818900686f46e63e8e

  • SHA512

    e874f1c1714356b23509a76d221274f2e73178a6fb49ccc9301fa985984053293e877ce7e8ec4a1c2b3a096cba9a5b9b9daab015e80681d632d19b68f6b5aa47

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    NYAN CAT

  • C2

    dongreg202020.kozow.com:8874

  • Mutex

    45812126d8ab49289ee6c31f7bc59730

Attributes
  • reg_key

    45812126d8ab49289ee6c31f7bc59730

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
